<?php
/**
 * Common 模块
 * @author cyp
 * 
 */
if(!defined('IN_ORA')) {
	exit('Access Denied');
}

/**
 * 验证码
 */
if($GLOBALS["act"]=='verify'){
	session_start();
	import("lib.image");
	if (isset($_REQUEST['adv'])) {
		Image::showAdvVerify();
	} else {
		Image::buildImageVerify();
	}
	exit();
}
/**
 * 系统登录页面
 */
else if($GLOBALS['act']=='login'){
	$GLOBALS['__msg_tpl__'] = "admin/msg.html";
	if(isset($_POST["submit"])){
		//处理登录操作
		session_start();
		$username = $_POST["username"];
		$passwd  = $_POST["passwd"];
		$verify = $_POST["verify"];
		if($_SESSION["verify"]!=md5($verify)){
			showMsg("验证码不正确!",parse_uri("common-login"),1);
		}
		if($username == ""){
			showMsg("请输入帐号!",parse_uri("common-login"),1);
		}
		if($passwd ==""){
			showMsg("请输入密码!",parse_uri("common-login"),1);
		}
		$rs = chkAdmin($username,$passwd);
		if($rs){
			$_SESSION["admin"] = $rs;
			showMsg("登录成功!",parse_uri("admin-index"),1);
		}else{
			showMsg("帐号密码错误!",parse_uri("common-login"),1);
		}
	}else{
		$GLOBALS["tpl"]->display("admin/login.html");
	}
}
/**
 * 注销登录
 */
else if($GLOBALS['act']=='logout'){
	$GLOBALS['__msg_tpl__'] = "admin/msg.html";
	session_start();
	unset($_SESSION["admin"]);
	unset($_SESSION["member"]);
	showMsg("注销成功!");
}
/**
 * private function chkuser
 *
 * @param unknown_type $username
 * @param unknown_type $passwd
 * @return unknown
 */
function chkAdmin($username,$passwd){
	$sql = "select * from ".tn("members")." where uname = '$username' and  passwd = '".md5($passwd)."'";
	$info = $GLOBALS['db']->getOne($sql);
	if($info){
		return $info;
	}
	return false;
}


?>